[squid-users] HTTPS through http proxy

Blaxton blaxxton at yahoo.com
Tue Dec 6 06:30:09 UTC 2016


Thank you Amos,

The version of squid is: squid-3.3.8-26.el7_2.4.x86_64

Is this statement true: squid is not aware of traffic that is made with the connect command, since the connect command makes a tunnel within squid?

Passing the below argument to the JVM:
-Dhttps.proxyHost=webcache.example.com -Dhttps.proxyPort=8080
causes the application to connect to https://webcache.exammple.com
however I have not created any certificate.
May I assume squid is built with ssl enabled and both https and http proxy being provided on one port?

Either the above statement is true, or maybe Java has a bug.

Thanks for the help, I will check on squidtool.
Thanks

From: Amos Jeffries <squid3 at treenet.co.nz>
To: squid-users at lists.squid-cache.org
Sent: Monday, December 5, 2016 6:04 PM
Subject: Re: [squid-users] HTTPS through http proxy

On 6/12/2016 6:40 a.m., Blaxton wrote:
> Hi
>
> So I understand that using connect method https connection can pass 
> through http proxy
> but I am seeing strange behavior and thought some one here might help 
> me to find
> the problem we are facing.
>
> I am using simple java app to test https connectivity through http proxy:
> http://alvinalexander.com/blog/post/java/simple-https-example
>
> If we run the below command against squid running on RedHat:
> java -Dhttp.proxyHost=webcache.example.com -Dhttp.proxyPort=808 
> JavaHttpsExample
> the connection fails, and Squid won't even log anything in the log 
> file.

That means you either have a very old Squid, or the transaction is not 
completed yet as far as Squid is aware. Transactions only get logged on 
completion, in this case when the CONNECT tunnel connection is closed by 
one of the remote endpoints (client or server). It is not uncommon to 
have tunnels stay open all day with HTTPS traffic going back and forward 
unseen.

The recent Squid releases log failed client connections that did not 
have any HTTP message received. So you can see if the failure happened 
before HTTP happened.

> but if we run:
> java -Dhttps.proxyHost=webcache.example.com -Dhttps.proxyPort=8080 
> JavaHttpsExample
> I get response and a line being recorded in log file.
> And now running the same app against different squid running on Centos,
> I get response from both but nothing being logged with -Dhttp.proxyHost.

see above about logging time.

> Please help.
> If any one has any tips or any simple app to test different aspect of 
> https connectivity through squid please let me know.


You can also use recent squidclient tool if it has been built with 
GnuTLS support. Or curl with debug tracing. Or wireshark with packet 
captures if you know how.

Amos
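
Added example (not part of the original thread, and not Squid's code): a toy Python proxy illustrating the two points in the reply above, that the tunnelled bytes pass through unseen and that the transaction is logged only when the CONNECT tunnel closes. The function names, the loopback echo origin and the payload are constructed for illustration.

```python
import socket, threading

def relay(src, dst, count, key):  # copy one way until EOF; payload is never parsed
    while (data := src.recv(4096)):
        dst.sendall(data)
        count[key] += len(data)
    dst.shutdown(socket.SHUT_WR)  # pass the EOF on to the other side

def handle_connect(client, log):  # toy proxy: serve one CONNECT, log at tunnel close
    head = b""
    while b"\r\n\r\n" not in head and (chunk := client.recv(4096)):
        head += chunk  # the request head reaches the proxy as plaintext HTTP
    method, target, _ = head.split(b"\r\n")[0].decode().split()
    host, port = target.rsplit(":", 1)
    upstream = socket.create_connection((host, int(port)))
    client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    count = {"up": 0, "down": 0}
    back = threading.Thread(target=relay, args=(upstream, client, count, "down"))
    back.start()
    relay(client, upstream, count, "up")
    back.join()
    client.close(); upstream.close()
    # Only now, with both directions finished, is the transaction recorded.
    log.append(f"{method} {target} up={count['up']} down={count['down']}")

def echo_origin(listener):  # constructed origin server: echo one connection
    conn = listener.accept()[0]
    relay(conn, conn, {"echo": 0}, "echo")

def demo():
    log = []
    origin = socket.create_server(("127.0.0.1", 0))
    proxy = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=echo_origin, args=(origin,), daemon=True).start()
    worker = threading.Thread(target=lambda: handle_connect(proxy.accept()[0], log))
    worker.start()
    target = "127.0.0.1:%d" % origin.getsockname()[1]
    c = socket.create_connection(proxy.getsockname())
    c.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode())
    status = c.recv(4096).split(b"\r\n")[0]
    c.sendall(b"\x16\x03\x01 opaque bytes")  # constructed stand-in for TLS records
    echoed = c.recv(4096)
    during = list(log)  # tunnel still open: nothing has been logged yet
    c.close()
    worker.join()
    return status, echoed, during, log

if __name__ == "__main__":
    print(demo())
```

The log entry holds only the CONNECT target and byte counts, and it appears only after the client closes the tunnel.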
